PortSwigger

Want to discover some tips and tricks from our Burp Suite community on successfully passing the Burp Suite Certified Practitioner exam? #burpsuitecertified portswigger.net/blog/burp-suit…
Planning on having a go at the Burp Suite Certified Practitioner exam? Check out our brand new preparation guidelines for a four step track to success! #burpsuitecertified portswigger.net/web-security/c…
We've just pieced together a playlist with the best recordings of all our past talks. Enjoy! youtube.com/playlist?list=…
Retweeted by PortSwigger
Building on the last two years of his work, get ready for "Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling" from @PortSwiggerRes @albinowax . This new frontier offers both new opportunities and new challenges. #DEFCON30 portswigger.net/research/talks
Thanks to everyone who attended Browser-Powered Desync Attacks, hope you enjoyed it! If you missed it but you're in the area, I'll be doing a repeat at 15:30 on Friday at #DEFCON. You can find the whitepaper, slides, code and labs at portswigger.net/research/brows…
Retweeted by PortSwigger
Introducing Burp Suite 2022.8.1 - supporting the latest research from @PortSwiggerRes's @albinowax. twitter.com/Burp_Suite/sta…
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling by @albinowax portswigger.net/research/brows…
Retweeted by PortSwigger
Coming soon to #DEFCON30 and #BHUSA the latest talk from @PortSwiggerRes @albinowax - Browser-Powered Desync Attacks - shifts the request smuggling frontier, enabling you to turn a victim's browser into a desync delivery platform. portswigger.net/research/talks
At Black Hat 2021 @PortSwiggerRes introduced multiple new classes of HTTP/2-exclusive threats and showed how these flaws enable desync attacks. Catch up on these before @albinowax presents the next stage of the journey, Browser-Powered Desync Attacks. portswigger.net/research/http2
HTTP Request Smuggling was first documented in 2004 but largely forgotten until @PortSwiggerRes revisited it in 2019. Read up on the original research before @albinowax unveils the latest instalment, Browser-Powered Desync Attacks… portswigger.net/research/http-… portswigger.net/research/talks
This is a Burp extension, and it's only a prototype currently - check it out and feel free to share your thoughts with us! twitter.com/PortSwiggerRes…
It’s almost time for #HackerSummerCamp, so let’s take a minute to get nostalgic. We want to hear your highlights from the Black Hats and Def Cons of the past – the best talks, demonstrations, and groundbreaking discoveries that you wish you’d have thought of. Comment below 👇
Retweeted by PortSwigger
Brand new to the 2022.7 release, Burp Scanner can now detect client-side prototype pollution sources automatically - giving you more time to manually examine these sources for vulnerabilities using DOM Invader. portswigger.net/research/wides…
Interested in the Apache request smuggling vulnerability CVE-2022-22720? I'll be sharing full technical details, PoC and demo at #BHUSA & @defcon portswigger.net/research/talks… httpd.apache.org/security/vulne…
Retweeted by PortSwigger
Hey fellows, I completed the PortSwigger Web Security Academy. It was an awesome journey full of learning. All the modules, labs, and most importantly, @albinowax Research are incredible. I recommend everyone to check them out. Thank You @PortSwigger for all this amazing learning
Retweeted by PortSwigger
You can now use DOM Invader to test for client-side prototype pollution. For an overview of how to use the exciting new features from PortSwigger researcher and creator of DOM Invader, Gareth Heyes, check out the following video. youtube.com/watch?v=GeqVMO…
✅Slides drafted ✅Whitepaper drafted ✅@WebSecAcademy labs prepared Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling is coming! portswigger.net/research/talks…
Retweeted by PortSwigger
If you often find yourself dealing with too many Repeater tabs, then you're going to love Burp's new tab grouping feature. portswigger.net/blog/new-repea…
Manual testing with Burp Repeater is now more efficient than ever. Free up screen space by organizing tabs into color-coded groups and collapsing them into a single scrollable row. You can now even search for tabs and groups by name. portswigger.net/burp/releases
Trying to learn SQLi and @PortSwigger Academy so far has the best labs and material to learn from!
Retweeted by PortSwigger
Coming soon to Burp Suite Enterprise Edition - four new scan modes for Burp Scanner, which balance speed and coverage. These suit a range of use cases, and will enable you to get scanning quicker than ever before. #burpsuite #enterprise #scanning youtube.com/watch?v=gIpqo4…
API security problems are responsible for one in 13 security incidents, reports @Imperva portswigger.net/daily-swig/one…
Retweeted by PortSwigger
Well Done @DailySwig for winning Best Security Vendor Blog at the #EUSecBloggersAwards22 during #infosec2022 with @BlackBerrySpark runners up!
Retweeted by PortSwigger
To start finding Client Side Prototype Pollution (CSPP) with DOM Invader, simply enable it in settings and hit reload. You can use our test case to try it out. Don't forget, this is currently only available via our early adopter channel. portswigger-labs.net/dom-invader-pr…
Retweeted by PortSwigger
It's still mind-blowing to me that @PortSwigger Academy is free. It's so good.
Retweeted by PortSwigger
Finding Client-Side Prototype Pollution (CSPP) with DOM Invader by @garethheyes - now available on the Early Adopter channel portswigger.net/blog/finding-c…
Wait, could this actually be Burp Suite... #tease
We've launched a brand new topic with eight new labs for you to get stuck into! The topic will look at how design issues, and flawed handling of JSON web tokens (JWTs), can leave websites vulnerable to a variety of high-severity attacks. portswigger.net/web-security/j…
Retweeted by PortSwigger
Excited to announce "Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling" is coming to @defcon! Can't wait to share it! Check out the abstract here #DEFCON30 portswigger.net/research/talks…
Retweeted by PortSwigger
Building on Burp Suite Enterprise Edition's integration with issue tracking sites like Jira, GitLab, and Trello, you can now bulk raise tickets for faster and more effective remediation. Raise, view, track, and remediate, all within the Enterprise dashboard.
Kickstarted my journey into web application security with the holy grail @WebSecAcademy on my side. - learning material is informative and easy to comprehend - vulnerability labs 🤌🏻 - apt for newbies like me Forever grateful @PortSwigger ⚡
Retweeted by PortSwigger
I'm thrilled to announce Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling. This will premiere live in Vegas at @BlackHatEvents' #BHUSA. Check out the teaser: blackhat.com/us-22/briefing…
Retweeted by PortSwigger
The Daily Swig’s @JesscaHaworth took to the virtual stage at the recent @InfoSecComm conference with her talk, ‘Beyond the Twitterverse: How to increase visibility of your research by working with the media’ Watch it here: youtube.com/watch?v=bbXJ9E…
Retweeted by PortSwigger
Hunting evasive vulnerabilities: finding flaws that others miss - from @albinowax - premiered at Nullcon Berlin. If you didn't catch the live event, it's now available on YouTube. portswigger.net/research/hunti…
Retweeted by PortSwigger
Did you guys notice the MAJOR bug fix we released recently...?
Burp Suite Enterprise Edition is the dynamic web vulnerability scanner that can help you to secure your whole portfolio. To help you achieve that, this article contains some advice on how to optimize your dynamic scanning for a range of requirements. portswigger.net/blog/burp-suit…
Burp Suite Enterprise Edition now includes compliance reports for the PCI DSS standard and 2021 OWASP Top 10. This makes it easier than ever to check for relevant vulnerabilities across your whole web portfolio. #Burpsuite portswigger.net/burp/releases/…
Love Burp but want something different from the message editor? Never fear - you can now customize the message editor, including tabs for headers, query params, body params, cookies, and attributes. portswigger.net/burp/releases/…
Confused by our use of the term "agents" to describe the highly flexible scanning model in Burp Suite Enterprise Edition? So were we, so we decided to make a change. #burpsuite portswigger.net/blog/confused-…
Burp Scanner's powerful crawler has multiple strategies available to aid you in discovering attack surface. We've just made the new "Fastest" crawl strategy, now available in Burp Suite Professional 2022.2.3, even faster when used against static sites. portswigger.net/blog/burp-scan…
Brand new for the 2022.3 release, auto-scaling harnesses the power of Kubernetes to allow Burp Suite Enterprise Edition to spin up scanning machines only when they are needed. Read our documentation to discover more about this latest deployment option. portswigger.net/burp/documenta…
You can now send stories/tips anonymously via #SecureDrop. Find out more here portswigger.net/daily-swig/sec…
Retweeted by PortSwigger
The all-new way to deploy Burp Suite Enterprise Edition to Kubernetes has arrived - bringing powerful new auto-scaling capabilities with it. Read our blog post to discover more. #burpsuite #kubernetes #Enterprise portswigger.net/blog/burp-suit…
Enterprise Edition 2022.3 is now released. This version introduces a new Kubernetes deployment option featuring auto-scaling scanning resources, as well as several minor bug fixes portswigger.net/burp/releases/…
Retweeted by PortSwigger
So, the scanner team didn’t think us "marketing folk" would catch on to their shenanigans, eh? Rest assured, the "passive-aggressive" scan checks will not be going live, and the individuals responsible have been made to learn their lesson. #AprilFool portswigger.net/blog/passive-a…
"Hunting evasive vulnerabilities: finding flaws that others miss" - from @albinowax - will be premiering at @nullcon Berlin in just a few days. If you can't catch the live event, it'll be available on YouTube post-conference. portswigger.net/research/talks…
Our expensive lawyers have brought it to our attention that you are passing off a bodily part as a PortSwigger product. We demand that you desist and remove our trademark from your limb (or the limb itself) within 7 days. #April1 twitter.com/scp_localhost/…
We're thrilled to announce that, as of today, all passive checks detected by Burp Scanner will be replaced with passive-aggressive checks! If you could all go ahead and get familiar with these new scan checks that would be great … #burpsuite portswigger.net/blog/passive-a…